Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
User Settings
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Report this Comment
Use this form to report the selected comment to the moderators. Reporting should generally be used only if the comment breaks forum rules.

238. Re: Diablo III Hacking? May 23, 2012, 10:17 Verno
My coworker (btw, I am a Systems Security Engineer for the govt (CISSP), and have been doing security for decades) started up Wireshark, and then D3.. he was telling me how easy it was to hijack his session..the session ID floating around out there.. and then we got into the 2 step process it took to reverse engineer his authenticator.

Yeah, a friend of mine mentioned their use of unencrypted session IDs on the forums and they won't comment. went down for maintenance later on as well which is amusing timing. I'd also note this same problem happened with Rift at launch but at least the devs owned up to it and fixed things quickly. This will likely just be handwaved away under the predictable guise of "ppl r stupid with computars!" which may be true but doesn't really answer every single case of this.

The other thing is that accounts are very lucrative to hack. They are worth $25-50 a pop on the "black market", pose no risk of prosecution and are highly in demand. The idea that Blizzard is some unhackable entity just by virtue of being a profitable corporation is laughable. Quite often it's those same institutions which view IT/IS as money black holes and don't invest enough in them.
Playing: Fallout 4, Warhammer Vermintide
Watching: Ash vs Evil Dead
Login Email   Password Remember Me
If you don't already have a Blue's News user account, you can sign up here.
Forgotten your password? Click here.


Blue's News logo